Patch

diff --git a/Documentation/security/self-protection.rst b/Documentation/security/self-protection.rstindex f584fb74b4ff..df2614bc25b9 100644--- a/Documentation/security/self-protection.rst+++ b/Documentation/security/self-protection.rst@@ -84,12 +84,14 @@ For variables that are initialized once at ``__init`` time, these can
be marked with the (new and under development) ``__ro_after_init``
attribute.
-What remains are variables that are updated rarely (e.g. GDT). These-will need another infrastructure (similar to the temporary exceptions-made to kernel code mentioned above) that allow them to spend the rest-of their lifetime read-only. (For example, when being updated, only the-CPU thread performing the update would be given uninterruptible write-access to the memory.)+Others, which are statically allocated, but still need to be updated+rarely, can be marked with the ``__wr_after_init`` attribute.++The update mechanism must avoid exposing the data to rogue alterations+during the update. For example, only the CPU thread performing the update+would be given uninterruptible write access to the memory.++Currently there is no protection available for data allocated dynamically.
Segregation of kernel memory from userspace memory
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~